Tuesday, April 26, 2011

How To Find The WordPress Version Of A Website/Blog

Whenever a hacker tries to attack a CMS (content management system), the first thing he usually does is find out the version number of that CMS, so that he can search exploit databases for possible exploits. On a WordPress blog, by default, you can easily find the version number just by viewing the source of that blog.

It is not a good idea to expose your version number, because it makes your website/blog more vulnerable to hackers. There are a couple of ways to hide the version number; the simplest is to add the following code to your functions.php file:

remove_action('wp_head', 'wp_generator');

Moreover, there are a couple of plugins that can help you hide your WordPress version; just Google for them.

Readme.html File Bug

Even if someone is using plugins to hide their WordPress version number, it is still possible for a hacker to determine it. All the hacker has to do is add "/readme.html" after the website's URL.

Countermeasures

Use a good plugin that can hide your WordPress version number.

Always update your WordPress to the latest version.

Either delete the readme.html file or rename it to something like readme.php.
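
To confirm on your own blog that both leaks described above (the generator tag in the page source and the readme.html file) are closed, here is an added example that is not part of the original post. The function names and sample HTML are constructed, and the readme check assumes the file prints the version as "Version x.y" text.

```python
import re
from html.parser import HTMLParser

class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.values.append(a.get("content") or "")

def generator_version(page_html):
    """Return the WordPress version leaked by the generator tag, or None."""
    finder = _GeneratorFinder()
    finder.feed(page_html)
    for value in finder.values:
        m = re.search(r"WordPress\s+(\d+(?:\.\d+)+)", value, re.I)
        if m:
            return m.group(1)
    return None

def readme_version(readme_html):
    """Return the version printed in readme.html, or None if absent."""
    if readme_html is None:  # file was deleted or renamed
        return None
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", readme_html)
    return m.group(1) if m else None

def audit(page_html, readme_html):
    """Map each leak source to the version it exposes (None = clean)."""
    return {"generator_tag": generator_version(page_html),
            "readme_html": readme_version(readme_html)}

# Constructed samples: page source before/after the functions.php change,
# and a readme.html body in the assumed "Version x.y" form.
BEFORE_PAGE = '<html><head><meta name="generator" content="WordPress 3.1.1" /></head></html>'
AFTER_PAGE = '<html><head><title>My blog</title></head></html>'
SAMPLE_README = '<h1 id="logo">WordPress<br /> Version 3.1.1</h1>'

if __name__ == "__main__":
    print(audit(BEFORE_PAGE, SAMPLE_README))  # both sources leak
    print(audit(AFTER_PAGE, SAMPLE_README))   # tag removed, readme still leaks
    print(audit(AFTER_PAGE, None))            # readme removed too: clean
```

The second case is the one the readme.html section warns about: the generator tag is gone but the version is still readable until the file is deleted or renamed.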